PHP 5 Case analysis and implementation code for real IP address of client, 5 case analysis
$_server["REMOTE_ADDR" is often used in PHP get client IP.
(1) However, if the client is accessed using a proxy server, the IP address of the proxy server is taken, not the real client IP address. To get the real IP address of the client through the proxy server, it is necessary to use $_server["http_x_forwarded_for" to read.
(2) But only if the client uses "Transparent proxy", the value of $_server["Http_x_forwarded_for" is the real IP of the client (if it is a multilayer proxy, the value may be composed of the client's real IP and the IP of multiple proxy servers, by commas "," Separated).
(3) and in the case of "anonymous proxy", "Deceptive proxy" is the IP value of the proxy server (if it is a multilayer proxy, the value may consist of multiple proxy IP, separated by a comma ",").
(4) In the case of "High anonymous proxy", the value is null.
The REMOTE_ADDR and http_forwarded_for values in the HTTP header information are analyzed as follows, assuming that the client real IP is 221.5.252.160:
One, not using the proxy server PHP to obtain the client IP situation:
Copy the Code code as follows: REMOTE_ADDR = 221.5.252.160
Http_via= no value or no display
Http_x_forwarded_for = no value or no display
Second, the use of transparent proxy server situation: Transparent Proxies
Copy the Code code as follows: REMOTE_ADDR = Last proxy server IP
Http_via= Proxy Server IP
http_x_forwarded_for = Client Real IP (this value is similar across multiple proxy servers: 221.5.252.160, 203.98.182.163, 203.129.72.215)
This kind of proxy server still sends the client's real IP to the Access object, it can't achieve the purpose of hiding the real identity.
Third, the use of ordinary anonymous proxy server PHP get client IP situation: Anonymous Proxies
Copy the Code code as follows:
REMOTE_ADDR = Last Proxy server IP
Http_via= Proxy Server IP
http_x_forwarded_for = Proxy Server IP (this value is similar across multiple proxy servers: 203.98.182.163, 203.98.182.163, 203.129.72.215)
In this case, the real IP of the client is hidden, but the Access object is disclosed to the client using a proxy server to access them.
Iv. use of deceptive proxy servers: distorting Proxies
Copy the Code code as follows: REMOTE_ADDR = Proxy Server IP
Http_via= Proxy Server IP
Http_x_forwarded_for = Random IP (this value is similar across multiple proxy servers: 220.4.251.159, 203.98.182.163, 203.129.72.215)
This situation also revealed that the client was using a proxy server, but fabricated a bogus random IP (220.4.251.159) instead of the client's real IP to deceive it.
V. Use of high anonymous proxy server PHP to obtain client IP condition: Anonymity Proxies (Elite Proxies)
Copy the Code code as follows: REMOTE_ADDR = Proxy Server IP
Http_via= no value or no display
Http_x_forwarded_for = no value or not displayed.
These header messages may not be available, either REMOTE_ADDR or http_forwarded_for, because different browsers might send different IP header messages for different network devices. So PHP uses $_server["REMOTE_ADDR"], $_server["http_x_forwarded_for"] to get a value that might be a null value or a "unknown" value.
Another point to note when PHP gets the client IP is to use the function getenv (' http_x_forwarded_for ') or getenv (' remote_addr ') to achieve the same effect as the code above. However, getenv () does not support PHP running in the ISAPI mode of IIS.
REMOTE_ADDR is the IP of your client when it "shakes hands" with your server. If you use anonymous proxy, REMOTE_ADDR displays the IP of the proxy server.
HTTP_CLIENT_IP is the HTTP header sent by the proxy server. If "Super Anonymous proxy", the value of none is returned. Similarly, REMOTE_ADDR will be replaced with the IP of this proxy server.
$_server[' REMOTE_ADDR ']; The IP of the access side (possibly the user, possibly the proxy)
$_server[' Http_client_ip ']; Agent-side (may exist, can be forged)
$_server[' http_x_forwarded_for ']; The user is the agent in which IP is used (may exist or can be forged)
PHP code written according to the above scenarios:
Copy the Code code as follows:
<?php
function GetIP () {
$unknown = ' unknown ';
if (Isset ($_server[' http_x_forwarded_for ')) && $_server[' http_x_forwarded_for '] && strcasecmp ($_ server[' Http_x_forwarded_for '], $unknown)) {
$ip = $_server[' http_x_forwarded_for ');
}
ElseIf (Isset ($_server[' remote_addr ") && $_server[' remote_addr '] && strcasecmp ($_server[' Remote_ ADDR '], $unknown)) {
$ip = $_server[' remote_addr ');
}
}
?>
How PHP obtains the client's real IP
If you apply this function to a Web page that is restricted to IP access, other people will not be able to access the page even if they access the proxy server in the segment via IP.
A function is provided below: Define a function GetIP ()
function GetIP () {Global $ip;
if (getenv ("Http_client_ip"))
$ip = getenv ("Http_client_ip");
else if (getenv ("Http_x_forwarded_for"))
$ip = getenv ("Http_x_forwarded_for");
else if (getenv ("REMOTE_ADDR"))
$ip = getenv ("remote_addr"); Else$ip = "Unknow";
return $IP;}
How to use:
echo GetIP ();? >
Getenv ("REMOTE_ADDR") is used to obtain the IP address of the client, but if the client is accessed using a proxy server, it is the IP address of the proxy server, not the real client IP address. To obtain the real IP address of the client through the proxy server, it is necessary to use getenv ("Http_x_forwarded_for") to read.
However, if the client is not accessed through a proxy server, the value taken with getenv ("Http_x_forwarded_for") will be empty.
else if (getenv ("Http_x_forwarded_for"))
$ip = getenv ("Http_x_forwarded_for");
Indicates that if getenv ("Http_x_forwarded_for") takes a value that is not empty (that is, if the client uses a proxy server), the variable $ip equals the real IP value taken by getenv ("Http_x_forwarded_for").
The following $ip = getenv ("http_x_forwarded_for") will not be performed if the else if (getenv ("Http_x_forwarded_for") above has a null value (that is, no proxy server is used);
In this case, it has been confirmed that the client is not using a proxy server,
else if (getenv ("REMOTE_ADDR"))
How PHP obtains the client's real IP
. X.xxx. XXX Series IP, and this function obtains the LAN gateway egress IP address, if the visitor uses the proxy server, will not obtain the proxy server's IP, but obtains the visitor gateway the real IP. If you apply this function to a Web page that is restricted to IP access, other people will not be able to access the page even if they access the proxy server in the segment via IP. A function is provided below: Getenv ("REMOTE_ADDR") is used to obtain the IP address of the client, but if the client is accessed using a proxy server, it is the IP address of the proxy server, not the real client IP address. To obtain the real IP address of the client through the proxy server, it is necessary to use getenv ("Http_x_forwarded_for") to read. However, if the client is not accessed through a proxy server, the value taken with getenv ("Http_x_forwarded_for") will be empty. else if (getenv ("Http_x_forwarded_for")) $ip = getenv ("Http_x_forwarded_for"), indicating if getenv ("Http_x_forwarded_for") The value being taken is not null (that is, if the client is using a proxy server), the variable $ip is equal to the real IP value getenv ("Http_x_forwarded_for") takes. The following $ip = getenv ("http_x_forwarded_for") will not be performed if the else if (getenv ("Http_x_forwarded_for") above has a null value (that is, no proxy server is used); In this case, it has been confirmed that the client is not using a proxy server, thus obtaining the client's IP address via the else if (getenv ("REMOTE_ADDR")) line statement is also the true IP address.
http://www.bkjia.com/PHPjc/840753.html www.bkjia.com true http://www.bkjia.com/PHPjc/840753.html techarticle PHP obtains the client real IP address 5 case analysis and implementation code, 5 case analysis in PHP obtains the client IP commonly uses $_server["REMOTE_ADDR"]. (1) But if the client is using a surrogate ...